Although www.notify.bluecoat.com is a virtual URL that the ProxySG appliance uses internally, there are scenarios where the ProxySG might contact the OCS to complete the policy evaluation.
For example: When there is a local policy rule with a condition based on an HTTP header (www.notify.bluecoat.com), the ProxySG contacts the OCS to receive a response. When the OCS is unavailable, the ProxySG returns an error message to the client because the rule failed.
Check if the ICAP best practice is activated, as it is known to cause this issue. It is caused by the following CPL inside your Local Policy File:
If this does not apply or if the suggested fix does not resolve the issue, try one of the two solutions proposed below:
1. Set a layer guard to skip these rules. A layer guard is automatically added to all virtual policy manager (VPM) layers. This needs to be manually changed in local policy layers. For example, to negate www.notify.bluecoat.com, set a layer guard in order to bypass policy evaluations. Otherwise, the request processes the rules in the Web Access Layer.
2. Change Notify User virtual URL to a different URL which can guarantee the user it is always available for normal browsing. Use an internal company domain as a place holder (for example: http://notify.unique.com). However, the domain needs to be valid and obtainable within the network, or at least from the ProxySG appliance. The virtual URL you choose will no longer be accessible through the ProxySG appliance. Therefore, it should be a unique domain which returns a HTTP response, but is not required for any other purpose.
Be aware that the virtual notify URL will no longer be accessible from a browser using the ProxySG appliance.
Imported Document ID: 000014008
Subscribing will provide email updates when this Article is updated. Login is required.